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CERTIFICATE OF MAILING 

I hereby certify that this paper and the documents referred to 
as being attached or enclosed herewith are being deposited 
with the United States Postal Service as First Class Mail in an 
envelope addressed to: MAIL STOP AMENDMENT, 
COMMISSIONER FOR PATENTS, P.O. BOX 1450, 
ALEXANDRIA, VA 22313-1450 on the date shown below. 



Attorney or Agent 
for Applicant(s) 



Date Mailed June 13, 2005 




DECLARATION UNDER 37 C.F.R. § 1.131 

Dear Sir: 

I, Michael D. Jones, declare that copies of the following documents pertaining to U.S. 
Patent Application 09/580,689, filed May 30, 2005 and naming Arturo Maria as inventor are 
attached: 

1. An Invention Disclosure for Patent Review dated December 10, 1998, naming Art 
Maria as submitter; 

2. A letter, dated November 11,1 999, requesting preparation of a patent application 
for "Floating Instrusion Detection Machines (FIDM)," Arturo Maria, inventor; 

3. A letter, dated April 10, 2000, enclosing a draft patent application stating that the 
application has been reviewed and approved by the inventor, Arturo Maria, and is enclosed for 
additional review; 
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4. A letter, dated May 5, 2000, enclosing a patent application reviewed and 
approved by the inventor, Arturo Maria, as well as by AT&T; and 

5. A letter to Mr. A. Maria, dated May 9, 2000, enclosing a copy of a patent 
application ready to be filed and a Declaration and Power of Attorney for signature by Mr. 
Maria. 



One World Trade Center, Suite 1600 
121 S.W. Salmon Street 
Portland, Oregon 97204 
Telephone: (503)226-7391 
Facsimile: (503) 228-9446 



Respectfully submitted, 



KLARQUIST SPARKMAN, LLP 




Michael D. Jones 
Registration No. 41,879 
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Note: To use this form online, tab or arrow-key between fields; press the space bar to check boxes. 



12/10/98 
Art Maria 



E-fnall Address: 



Please answer th^ 



descrfces your idea, attach it along with this form 



Title of Your Idon 




When descrfcing your idea, please abttrmthetoBowing: 

- What is 17 ... ■ • • - \ ; \ \/ : , '; ," : • " ' '•• 

- Hwdoesitwork? \, •.' " 

- Describe if there is a date involved, e.g. f Production or announcement of a service or product 

'Intrusion Detection Systems (IDS) are commonly known hardware/software systems which use knowledge based rules and artificial 

intelligence concepts to detects patterns of attacks in netw^ 

databases. . ■ .- ■.' "-\ \\ y ; . . > • ' 

IDS platforms are usually placed at critical network entry points; as network packets enter the network, these packets are inspected by 
IDS sensors, and compared against profiles stored in databases for potential rejection and alarming. 

This invention describes a Floating Intrusion Detection Machine (RDM) architecture which is a unique software system comprised of four 
elements: (a) RDM sensors, (b) servers, (c ) sockets and (d) machines. 

(a) RDM Sensors: Intrusion Detection Systems (IDS) rjiatforms which use centralized RDM servers and databases to detect and filter 
attacks. \\ . ~ . • ■ • • ■- " 

(b) RDM Serves: IDS database servers which host knowfedge-based rules and patterns of attacks. 

(c ) RDM Sockets: Software programs and reserved areas which have the ability to host FIDM software agents transmitted through the 
network. When software agents are received, these sockets host the programs and commence execution of the code which takes over 
the machine and conyer the machine into ah RDM platform. 

(d) RDM Machines: Any machine in the network capable of hosting FIDM sockets and agents. Once the agent is loaded, the FIDM 
machine is transformed into an RDM sensor or server. 

The primary benefit of the RDM architecture is the capability to implement network elements that would take control over 'any* machine 
in a network designated as FIDM capable, and convert this device into an Intrusion Detection System (IDS) sensor or server depending on 
particular real-time needs. The invention works as follows: 

FIDM sensors would be placed at the perimeter entrances of network(s) being protected. 

RDM servers would be placed in protected or "bastion* sub-networks. These servers would host centralized knowledge base rules 
databases which would contain historical patterns of attack. 

In addition to the RDM server, there would be an unlimited number of machines that would be designated as FIDM platforms. Each FIDM 
platform would have the potential of being converted into an RDM sensor and/or server in the event of a network attack. 

Machines designated as potential RDM platforms in the network would have an FIDM "socket" installed in the TCP/IP network stack. 
When a network intrusion would be detected, the RDM server would attach an RDM agent to the machine being designated as the new 
RDM sensor/server. . This agent would take control over the machine and transform the machine into an FIDM sensor or server depending 
on the particular intrusion detected. 

Since every host in the network is a potential FIDM sensor/fitter, intruders would be hard pressed to device strategies to bypass or 
compromise Intrusion Detection Systems. V 

Another advantage of this architecture is that sensors and servers do not have to be pre-assigned in the network. The only preasignment 
would have to take place in the initial RDM server and associated databases. Once the client socket is installed in potential RDM 
platforms, any of these machines could be transformed into an IDS sensor, filter or server depending on the need. 
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November 11, 1999 



Kenyon and Kenyon 
1S00K. Street, NW 
Washington, DC 2000S 

Dear* " _ ' . _. . . \ ■ / 

Please prepare a formal patent application for the attached disclosure,: 



IDS No. 113639, AWS 459 

Inventors: Arturo Maria * 

Work 425 580 6162 ; 
2802 107* Avenue NE 
Bellevue, WA 98004 
Email: art.maria@attws.com 



Title: 



Floating Intrusion Detection Machines (FIDM) 



.* ... 



•tueoM vaujcv orncc 



law omen or 
KEN YON & KEN YON 

i860 K STREET, N.W., SUITE 700 
WASHINGTON, O.C. 2006S-I2S7 
TEL. (tOH) 220-4200 
FAX. <202> 220-4201 
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April 10,2000 



•OJt* PHAMKPURT AM MAIN 

W>M»<M*|7MNO 
TAX. (4*1 »*» »7 M OB M 



200 Laurel Avenue 
RoomE43B12 
K^eto^NJ 07748 



Dear) 




YourRef: AWS459, IDS mireo- fti^Ref • ^/m^o 



ion prepared by us for the above 
re&r ? < ^ ^ e It has already been reviewed and approved by the inventor, Arturo Maria. 



KBNYON & K^NYON 
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KENYON & KENYON 

1500 K STREET, N.W M SUITE 700 
WASHINGTON, D.C. 20005-1257 
TEL. (2Q2) 22O-4260 
FAX. <202) 220-4201 
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AT&T Corp, ... 
200 Laurel Avenue 
RoomE43B12 
Middletown, NJ 07748 



May 5, 2000 



Re: 



U.S. Patent Application " ^ ; 

FLOATING INTRUSION DETECTION PLATFORMS 
Your Ref; A WS 459 ms 1 ifrfto. Ref : . ^ g yi j lf , Q 



Dear; 



Please find enclosed an application plated by us for the above referenced case which is 
ready to be filed, as weUasaformPTa^,^^ 

has already been reviewed and approved by the inventor, Arturo Maria, as well as by AT&T 



Sincerely, 

KENYONAIflgNYON 



Enclosure 




May 9, 2000 



Mr. A. Maria 



■ Dear Mr. Maria: ■ V ■ 

RE: Docket No. 1 13639 (AWS 459) 

Floating Intrusion Detection Platforms 

E^clowdis a copy of the above-identified patent application that is ready to be filed in 
the US; Patent Office; Also enclosed is the formal document you must sign in order to 
complete the patent filing requirements. 

After reviewing the application, please read the Declaration and Power of Attorney and 
ften sign and date it— in blue ink as your name is typed-* the appropriate place on the 
document (No notarization is required.) Please return me signed document to me as 
soon as possible. : 




Sincerely, 



Atts. 
As stated 



